c 



no 



PTO/SB/05 (4/98) 

Approved for use through 09/30/2000- 0MB 0651-0032 
Patent and Trademark Office- US DEPARTMENT OF COMMENCE 
Under the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number 



l UTILITY 

PATENT APPLICATION 
TRANSMITTAL 

i 'Only for non provisional applications under 37 C.F R. § 1 53(b)) 



Attorney Docket No. 



252/109 



First inventor or Application Identifier Cook et al 



Titlq 



METHOD AND SYSTEM FOR MANAGEMENT AND 
NOTIFICATION OF ELECTRONIC CERTIFICATE 
CHANGES 



Express Mail Label No. EL580046427US 



-u- 



APPL1CATION ELEMENTS 

See MPEP chapter 600 concerning utility patent application contents. 



ADDRESS TO: 



Assistant Commissioner for Patents-m 
Box Patent Application 
Washington, DC 20231 



D * Fee Transmittal Form (e.g., PTO/SB/17) 

(Submit an original and a duplicate for fee processing) 

0 Specification [Total Pages 27 ] 

(preferred arrangement set forth be(ow) 
Descriptive title of the Invention 

Cross References to Related Applications 

Statement Regarding Fed sponsored R&D 

Reference to Microfiche Appendix 

Background of the invention 

Brief Summary of the I nvention 

Brief Description of the Drawings (// fifed) 

Detailed Description 

Claim(s) 

Abstract of the Disclosure 



5. □ Microfiche Computer Program (Appendix) 

6. □ Nucleotide and/or Amino Acid Sequence Submission 

(if applicable, all necessary) 

a. □ Computer Readable Copy 

b. □ Paper Copy (identical to computer copy) 

c. □ Statement verifying identity of above copies 



ACCOMPANYING APPLICATION PARTS 



3. 0 Drawings(s) (35 U.S.C. 113)Tota\ Sheets _J_ 



4. □ 



Oath or Declaration [Total Pages _ 

□ Newly executed (original or copy) 



□ Copy from a prior application (37 C.F.R. § 
1 .63(d)) 

i. □ DELETION OF INVENTORS 

Signed statement attached deleting 
inventor(s) named in the prior application, 
see 37 C.F.R. §§ 1.63(d)(2) and 1.33(b). 



7. 


□ 


8. 


□ 


9. 


□ 


10. 


□ 




O 


11. 


□ 


12. 




13. 


O 




□ 


14. 


□ 



NOTE FOR ITEMS 1 &13 : IN ORDER TO BE ENTITLED TO PAY SMALL ENTITY 
FEES, A SMALL ENTITY STATEMENT IS REQUIRED (37 C.F.R. § 1.27), EXCEPT IF 
ONE FILED IN A PRIOR APPLICATION IS RELIED UPON {37 C.F.R. § 1.28 



15. □ 



Assignment Papers (cover sheet & documents)) 
37 C.F.R. §3. 73(b) Statement O Power of 
(when there is an assignment) Attorney 

English Translation Document (if applicable) 

Information Disclosure Statement (IDS/PTO-1449) 

Copies of IDS Citations 

Preliminary Amendment 

Return Receipt Postcard (MPEP 503) 

Small Entity Statement(s) (PTO/SB/09-1 2) 
Statement filed in prior application, status stiil proper 
and desired. 

Certified copy of Priority Document(s) (if foreign 
priority is claimed) 

Other: 



16. If a CONTINUING APPLICATION, check appropriate box, and supply the requisite information below and in a preliminary amendment: 

□ Continuation □ Divisional □ Continuation-in-part (CIP) of prior application No.: _/ 

Prior application information: Examiner Group/Art Unit 

For CONTINUATION or DIVISIONAL APPS only : The entire disclosure of the prior application, from which an oath or declaration is supplied under 
Box 4b, is considered a part of the disclosure of the accompanying continuation or divisional application and is hereby incorporated by 

reference. The incorporation can only be relied upon when a portion has been inadvertently omitted from the submitted application parts. 

17. CORRESPONDENCE ADDRESS 



& Customer Number or Bar Code Label 




22249 



PATENT TRADEMARK OFFICE 



LYON & LYON LLP 

Suite 4700 

633 West Fifth Street 

Los Angeles, California 90071 

(213) 489-1600 



Name (Print/Type) 


Ivan Posey 


Reg. No. (Attorney/Agent) 


43,865 


Signature 




Date 


May 19, 2000 



Burden Hour Statement: This form is estimated to take 0.2 howr^fo complete. Time will vary depending upon the needs of the individual case Any 
comments on the amount of time you are required to complete this form should be sent to the Chief Information Officer, Patent and Trademark Office, 
Washington, DC 20231. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO Assistant Commissioner for Patents, 
Box Patent Application, Washington, DC 20231. 



DC-323.1 



Patent 
252/109 

METHOD AND SYSTEM FOR MANAGEMENT AND 
NOTIFICATION OF ELECTRONIC CERTIFICATE CHANGES 

BACKGROUND OF THE INVENTION 

5 

1. Field of the Invention 

A system and method for management and notification of changes in condition of 
electronic certificates is disclosed. Specifically, a system and method for allowing 
10 electronic certificate users to contract with a server for receiving notifications of changes in 
conditions of electronic is disclosed. 

2. Description of the Prior Art and Related Information 

A public key infrastructure (PKI) enables users of a public network, such as the 
Internet, to securely and privately exchange data and money through the use of public and 
1 5 private cryptographic key pairs. The public key of the key pair may comprise all or part of 
a digital, or electronic, certificate. The public key infrastructure provides for electronic 
certificates that can identify individuals or organizations and directory services that can 
store and, when necessary, revoke them. Although the components of a PKI are generally 
understood, a number of different vendor approaches and services are emerging. 
20 Meanwhile, Internet standards for PKIs are currently being developed. 

The public key infrastructure assumes the use of public key cryptography, which is 
the most common method on the Internet for authenticating a message sender or 
encrypting or decrypting a message. Traditional cryptography has usually involved the 
creation and sharing of a private key for the encryption and decryption of messages. This 
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secret key system has the significant flaw that if the key is discovered or intercepted by 
someone else, messages can easily be decrypted. For this reason, public key cryptography 
and the public key infrastructure is the preferred approach on the internet. The secret key 
system is sometimes known as symmetric cryptography and the public key system as 
5 asymmetric cryptography. 

A public key infrastructure (PKI) may comprise a certificate server that may 
comprise a certificate authority (CA) that issues, verifies, signs, and/or stores electronic 
certificates. The certificate server may further comprise a server having an X.509 directory 
or a PGP key server. An electronic certificate may include the public key or information 

10 about the public key. The infrastructure may further include registration authorities (RAs) 
which act as verifiers for the certificate server before an electronic certificate is issued to a 
requestor. The infrastructure may further include one or more directories where the 
electronic certificates, with their public keys, are stored, usually in an ITU X.500 standard 
directory. The electronic certificates are managed by a certificate management system. 

15 In public key cryptography, the public key and corresponding private key are 

created using a cryptographic algorithm, such as the popular algorithm known as RSA, 
typically by the owner of the private key. The public key is then embodied in an 
electronic certificate that may be issued by a certificate authority, or perhaps self-issued by 
the owner of the private key, and then the certificate is made publicly available in a 

20 directory that all parties can access. The private key is not disclosed to outside parties. 
Thus, if a user of the electronic certificate wants to send a message to the holder of the 
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private key, who is the owner of the electronic certificate, the user may find the owner's 
electronic certificate, but not the owner's private key, on the certificate server's directory 
and encrypt a message to the owner using the public key. When the owner of the 
electronic certificate receives the message, the owner may decrypt it with the owner's 
5 private key. In addition to encrypting messages (which ensures privacy), the user can 

authenticate itself to the owner by using the user's private key to sign an electronic digest. 
When the owner receives the message, the owner can use the user's public key to verify 
the message. 

A number of current products enable a company or group of companies to 
10 implement a PKI. The acceleration of e-commerce and business-to-business commerce 
over the Internet has increased the demand for PKI solutions. Related ideas are virtual 
private networks (VPNs) and the IP Security (IPSec) standard. Some PKI system vendors 
include: 

RSA Security, Inc., which has developed the main algorithms used by 
1 5 PKI vendors; 

Verisign, which acts as a certificate authority and sells software that 
allows a company to create its own certificate authorities; 

GTE, which provides a system called CYBERTRUST, which provides a 
PKI implementation methodology and consultation service; 
20 Check Point, which offers a product, VPN-1 CERTIFICATE 

MANAGER, that is based on the NETSCAPE DIRECTORY SERVER; 
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Xcert, whose WEB SENTRY product checks the revocation status of 
certificates on a server, using the online certificate status protocol (OCSP); 

Netscape, whose DIRECTORY SERVER product is said to support 50 
million objects and process 5,000 queries a second; and whose SECURE E- 
5 COMMERCE product allows a company or extranet manager to manage 

electronic certificates; and whose META-DI RECTORY product can connect 
all corporate directories into a single directory for security management; and 

Entrust Technologies of Piano, Texas, which is another prominent PKI 
vendor. 

10 For e-mail, the PRETTY GOOD PRIVACY (PGP) product by Network Associates, 

Inc. of San Jose, California, lets users encrypt a message to anyone who has a PGP public 
key. A user encrypts a message with recipient's public key and the certificate owner 
decrypts the message with their private key. PGP users share directories of public keys 
stored on PGP key servers. As another option, PGP lets the user digitally sign the message 

15 with a digital signature using the user's private key. The recipient who is the certificate's 
owner can then get the user's public key and verify the user's signature to see whether it 
was really the user who sent the message. 

An electronic certificate can also be used as an electronic credit card that 
establishes the owner's credentials when doing business or other transactions on the 

20 Internet or other networks. It is typically issued by a certificate authority, and contains the 
owner's name, a serial number, expiration dates, a copy of the certificate holder's public 

4 

: :ODMA\PCDOCS\OCLYON\48249\7 



Patent 
252/109 

key, and the digital signature of the certificate authority so that a recipient can verify that 
the certificate is real. Some electronic certificates conform to a standard known as X.509. 

One of the most common problems with PKIs, and the like, is that when certificates 
change, it is generally up to all the users of the electronic certificate to find out that such a 
5 change occurred. Often, users are too busy to check all of the electronic certificates that 
they use, or do not have the resources to constantly do so. Further, if a user does decide to 
check if a particular electronic certificate has changed, they must search through large 
databases on the certificate server. An example of a change in condition of an electronic 
certificate is revocation of the electronic certificate, that is declaring the electronic 

10 certificate to be invalid. 

Attempts have been made to solve the shortcomings of the prior art, at least with 
respect to revocation. For example, U.S. Patent No. 5,687,235 discloses an electronic 
certificate revocation process that improves the efficiency of an authentication exchange in 
a public key distributed network system. Specifically, the revocation service (RS) that, in 

1 5 response to a unique request from a server node, selects certain revoked electronic 

certificates from a current certificate revocation list (CRL) to include in its reply so as to 
consume minimal system bandwidth is described. The unique request includes a number 
of parameters for consideration by the RS in generating its reply, including a maximum 
CRL size and/or a timestamp. The maximum CRL size indicates the largest number of 

20 revoked certificate serial numbers that the server node can process and thus receive in the 
revocation service reply, whereas the timestamp indicates the latest electronic certificate 
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revocation date of the certificates included in the CRL presently retained by the server 
node. The RS generates an optimal CRL for its reply that contains all, part, or none of the 
current CRL revoked certificate serial numbers. Determination of the optimal CRL entails 
consideration of any number and combination of optimization factors, including the 
5 number of revoked certificates stored in the CRL storage facility and the time remaining 
before the current CRL is to be updated by a certificate authority (CA), the expiration date 
of the certificates, as well as the maximum CRL size and/or timestamp parameters provided 
to the RS in the server node request. The server node may control whether it will receive 
an optimal CRL and if so, what portion of the current CRL it will include by manipulating 

10 the parameters it provides to the RS. This enables each server node to request the CRL 
based upon its own specific security needs while optimizing the certificate revocation 
process. Further, the RS and/or server node may discard certificate serial numbers as their 
expiration dates come to pass. 

U.S. Patent No. 5,666,416 discloses a method of managing electronic certificates in 

1 5 a communication system having a certifying authority and a directory. The method begins 
by having the certifying authority generate electronic certificates by digitally signing a 
given piece of data. At a later point time, the certifying authority may produce a string that 
proves whether a particular electronic certificate is currently valid without also proving the 
validity of at least some other certificates. The technique obviates use of certification 

20 revocation lists communicated between the certifying authority and the directory 

U.S. Patent No. 5,793,868 discloses a method for authenticating information about 
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revoked electronic certificates that includes generating data identifying the revoked 
electronic certificates, generating information about the revoked electronic certificates 
including the data without including the revocation date of every one of the revoked 
electronic certificates, and having the certificate authority authenticate the information. 
5 The data may be generated by performing a hash of at least a portion of each of the 
electronic certificates. Generating information about the revoked electronic certificates 
may include adding a date indicating when the information was authenticated and may 
exclude the revocation date of any one of the revoked electronic certificates in the list. 

None of the above mentioned systems solve the problems associated with the user 

10 of an electronic certificate having to take a proactive role in tracking and dealing with 
changes in conditions of electronic certificates. Further, none of the above systems 
provide for a notification service for changes in conditions of electronic certificates. 
Further, none of the above systems provide a system for collecting revenues for such a 
notification system. 

15 SUMMARY OF THE INVENTION 

To solve the problems cited above, the invention is a system for notification of a 
change in condition of an electronic certificate. Specifically, the system includes a 
processor having a computer program comprising a plurality of executable modules that 
are executable on the processor. A first executable module is for detecting a change in 

20 condition of an electronic certificate. The electronic certificate may have been uploaded 
by a creator of the electronic certificate for use by users of the electronic certificate. The 
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change in the electronic certificate may be effectuated by the owner of the electronic 
certificate, or a third party system wherein a change signal is provided for ordering the 
change in the electronic certificate. A second executable module in the computer program 
is for notifying a user of the electronic certificate of the change in condition. 
5 The user of the electronic certificate may comprise a certificate user. The certificate 

user may also comprise one or more of a plurality of users in a company who are notified 
when any electronic certificate in the company's domain is revoked or changed. Some or 
all of the users in the company may not even have received, or known of, the electronic 
certificate until notice of the change is provided. 

10 The computer program may comprise a third module for negotiating a contract, 

called a certificate action point (CAP), with the certificate user. The contract may regard 
the type of change the second module notifies the certificate user of, the way the second 
module notifies the certificate user, the diligence with which the second module notifies 
the certificate user of the change in condition, and a price for notifying the certificate user. 

1 5 The change in condition may comprise a revocation of, roll-over of, change in field of, 
disablement of, or expiration of the electronic certificate. The certificate server may 
forward an updated electronic certificate read from the certificate server to the certificate 
user, thereby updating the electronic certificate with respect to the certificate user to the 
new version of the electronic certificate. Alternatively, the certificate server may 

20 selectively allow the certificate user to download an updated version of the electronic 

certificate. The frequency with which the electronic certificate is checked for changes, and 
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notification is forwarded to the certificate user, may be anywhere from every second in 
time, to once a week or more, depending on the CAP that was negotiated. The length of 
time that the CAP is in place may further be negotiated by the third module. This length of 
time could be either one day or last in perpetuity, depending on the CAP negotiated. 
5 The certificate server typically stores a plurality of electronic certificates. The 

electronic certificate for which the first module detects a change in condition comprises at 
least one of the plurality of electronic certificates. The electronic certificates may be stored 
in an ITU X.500 certificate directory on the certificate server, or the certificate server may 
comprise a certificate authority or a PGP key server. The first module may detect a change 

10 in condition of two or more electronic certificates, and the second module is for notifying 
one or more respective certificate users of the change in condition of the respective 
electronic certificate based on contract negotiated by the third module. Each of the 
certificate users negotiates a CAP for notification. Each CAP may apply to one or more of 
the electronic certificates. 

15 In an alternative embodiment, the electronic certificate may be stored separately 

from the computer program. For example, the electronic certificate may be stored on a 
first server in a directory stored on the first server, the first server being a certificate server, 
and the processor on which the computer program and its executable modules are stored 
and executed comprises a second server, or certificate action point server (CAP server). 

20 However, preferably, the CAP server is co-resident with the certificate server as in the 

above described embodiment, meaning that the CAP server comprises the same server, or 
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server cluster, as the certificate server. At least the first module is preferably co-resident on 
the certificate server. If the certificate server and CAP server are not co-resident, a 
communication channel between them connects the certificate server to the CAP server 
such that data communications may occur between them. The communication channel 
may comprise a network, wherein said certificate and CAP servers each have a network 
interface for data communications in said network. Each of the network interfaces may 
comprise a local or wide area network connection comprising an Ethernet compatible 
interface or Internet connection respectively. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Fig. 1 is a block diagram illustrating a system architecture for present invention; 

Fig. 2 is a flow diagram illustrating a method performed by the system of Fig. 1 or 

Fig. 4; 

Fig. 3 is a block diagram of an exemplary screen used in negotiating a contract 
using a module of the system of Fig. 1 or Fig. 4; and 

Fig. 4 is a block diagram illustrating an alternative system architecture for present 
invention. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 
With reference to Fig. 1, a block diagram illustrating a system architecture for a 
system for notification of a change in condition of an electronic certificate is shown. The 
system includes a certificate server 100, having processor 200, the processor 200 having a 
computer program 204 comprising a plurality of executable modules 206-210 that are 
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executable on the processor 200. A first executable module 206 is for detecting a change 
in condition of an electronic certificate 154. The electronic certificate 154 may have been 
uploaded by a creator 20 of the electronic certificate 1 54 for use by users 30 of the 
electronic certificate 1 54. The change in the electronic certificate 1 54 may be effectuated 
5 by the owner of the electronic certificate 20, or a third party system wherein a change 
signal 10 is provided for ordering the change in the electronic certificate 1 54. 
Alternatively, the change in the electronic certificate may be due to something internal in 
the electronic certificate 154 itself, such as an expiration date causing the electronic 
certificate 1 54 to expire. A second executable module 208 in the computer program 204 

10 is for notifying a user 30 of the electronic certificate 154 of the change in condition. 

The user of the electronic certificate 1 54 may comprise a certificate user 30. The 
certificate user 30 may also comprise one or more of a plurality of users in a company who 
are notified when any electronic certificate 1 54 in the company's domain is revoked or 
changed. Some or all of the users in the company may not even have received, or known 

15 of, the electronic certificate 1 54 until notice of the change is provided. 

The computer program 204 may comprise a third module 210 for negotiating a 
contract, called a certificate action point (CAP), with the certificate user 30. The contract 
may regard the type of change the second module 208 notifies the certificate user 30 of, 
the way the second module 208 notifies the certificate user 30, the diligence with which 

20 the second module 208 notifies the certificate user 30 of the change in condition, and a 
price for notifying the certificate user 30. Examples of diligence include: notify weekly by 
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electronic mail, notify daily by electronic mail until response is received from certificate 
user 30, notify every five minutes until a response is received from certificate user 30, or 
notify by all possible means until response is received. The change in condition may 
comprise an expiration of the electronic certificate 154. 
5 There are at least two types of changes in condition in an electronic certificate 1 54 

that can be detected by module 206. The first type of change involves a change in content 
of the electronic certificate 154, up to and including the replacement of the entire 
electronic certificate 154 with a new electronic certificate (154a explained below) and key 
pair that is to be used instead, a change which is commonly called "roll-over". For PGP 

10 type electronic certificates 1 54, revocation also falls into this category, because the 
revocation information is stored with the electronic certificate 154. Other changes in 
content include, but are not limited to, changes to fields of the electronic certificate 1 54, 
e.g. change of address, change of title, change of permitted usage of the certificate, etc. 
The second type of change in condition comprises an event, perhaps time-based, 

1 5 such as expiration, that does not involve any actual change to the content of the certificate, 
but is certainly a change in condition (e.g., now expired). For X.509 electronic certificates 
154, revocation also fits into this category, because the revocation information is not stored 
along with the electronic certificate 1 54, but in a second list called a certificate revocation 
list, or CRL. Another change in condition is disablement, or declaring the electronic 

20 certificate 1 54 and its key pair to no longer be in active use, which PGP implements by 
changing the content of the electronic certificate 1 54. However X.509 could implement 
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this in an event-based manner, similar to revocation. 

To summarize the types of changes that may occur, the following is a list of possible 
changes in condition that may occur, but which is not meant to be a limiting list: 
revocation, 
5 roll-over (change of public key), 

changes to fields of certificate, 
expiration, and 
disablement 

Detection of change in condition of an electronic certificate 154 can be 
10 accomplished by module 206 in many different ways. For time-based events, such as 
expiration, a time-based process can be used that wakes up when the event occurs, and 
then starts the notification process. For asynchronous events, such as the appearance of a 
revoked electronic certificate 154 on a CRL, a process in module 206 wakes up on each 
update to the CRL and checks for addition of revoked electronic certificates that had 
1 5 associated CAPs for detecting revocation, or the process checks CRLs periodically 

according to some time schedule. For change in content of an electronic certificate 1 54, 
the detection mechanism may be notified by the certificate server 100 each time a change 
or replacement was made to an electronic certificate 1 54, and determine if the change was 
pertinent to a CAP. Of course, such a detection mechanism need not be notified of every 
20 change to every electronic certificate 1 52, but could be limited by being attached only to 
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those electronic certificates 154 that had associated CAPs. 

The certificate server 100 may forward an updated electronic certificate 1 54a to the 
certificate user 30, thereby updating the electronic certificate 1 54 with respect to the 
certificate user 30 to the new version of the electronic certificate 1 54a. Alternatively, the 
5 processor 200 may selectively allow the certificate user 30 to download an updated 
version of the electronic certificate 1 54. The frequency with which the electronic 
certificate 1 54 is checked for changes, and notification is forwarded to the certificate user 
30, may be anywhere from every second in time, to once a week or more, depending on 
the CAP that was negotiated. The length of time that the CAP is in place may further be 

10 negotiated by the third module 210. This length of time could be either one day or last in 
perpetuity, depending on the CAP negotiated. 

The certificate server 100 typically stores a plurality of electronic certificates 152. 
The electronic certificate 1 54 for which the processor 200 detects a change in condition 
comprises at least one of the plurality of electronic certificates 1 52. The plurality of 

1 5 certificates 1 52 may stored on the certificate server 100 in an ITU X.500 certificate 

directory, or the certificate server 100 may further comprise a certificate authority or PGP 
key server. The first module 206 may detect a change in condition of two or more 
electronic certificates 1 52, and the second module is for notifying one or more respective 
certificate users 30 of the change in condition of the respective electronic certificate 154 

20 based on the contract, or CAP, negotiated by the third module 210. Each of the certificate 
users 30 negotiates a CAP for notification. Each CAP may apply to one or more of the 
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electronic certificates 152. 

With reference to Fig. 2, a flow diagram illustrating a method practiced by the 
system of Fig. 1 is shown. In Figs. 1-2, two hypothetical users of the system nicknamed 
Alice and Bob are used to illustrate the method. The certificate server 100 stores Alice's 
5 electronic certificate 1 54, step 250. Alice 20, the owner of an electronic certificate 1 54, 
may decide to provide the electronic certificate 1 54 to the certificate server 100, and to a 
user 30 of the electronic certificate 1 54, in this case Bob. Submission of the electronic 
certificate 1 54 may be made by other means other than from Alice 20. For example, a 
company's certificate authority may issue Alice's electronic certificate 1 54. Alternatively, 
10 Alice 20 may transmit a certificate request to the certificate server 100 resulting in the 
creation of an electronic certificate 1 54 for Alice 20 that can be downloaded by Bob 30. 
Further, the electronic certificate 154 may be distributed to Bob on machine readable 
magnetic media such as floppy disk, or on a machine readable optical media such as a CD 
ROM device. 

15 Alice 20 and Bob 30 in this illustration are symbolic persons and at least one for 

each person of a plurality of workstations, personal computers, or other type of processors 
capable of electronic communications with the certificate server 100, for input, processing, 
and use of electronic certificates 152. Electrical communications may be accomplished 
through a local area network, wide area network, Intranet, Internet or other type of 
20 network or communications line recognized by those skilled in the art. 

The certificate server 100 may sign, or authenticate, Alice's electronic certificate 
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154, in which case, the newly signed electronic certificate 154 is stored on the certificate 
server 100 for distribution to all users 30 of the electronic certificate 154. The signing 
process may comprise the certificate server 100 executing various authentication 
procedures to make sure that Alice 20 is the one who submitted the electronic certificate 
5 1 54. In some cases, for high security applications, a person representing the certificate 
server 100 may call Alice by telephone to verify the electronic certificate 1 54. Once the 
verification criteria are satisfied, Alice's electronic certificate 1 54 is added to the directory 
of electronic certificates 1 52. 

After receiving, or before downloading, the electronic certificate 1 54, Bob 30 may 

10 construct a contract, or CAP, with the certificate server 100 using module 210, step 254. 
The CAP is for notification of changes in the electronic certificate 1 54. Contract 
construction is explained with reference to Fig. 3 below. Bob 30 submits the contract to 
the certificate server 100, step 256. Using module 210, the processor 200 determines 
whether the contract submitted by Bob 30 is acceptable, step 258. There may be many 

1 5 reasons why the contract submitted by Bob 30 would not be acceptable, including without 
limitation: price paid by Bob 30 for the notification service, capability of processor 200 to 
carry out terms of contract (e.g. the frequency of notification asked for by Bob 30 may be 
to high for processing by the processor 200), the diligence with which Bob 30 would like 
to be notified of the change (e.g. the number of times contact is attempted with Bob 30), or 

20 the type of change in the electronic certificate 1 54 that Bob 30 would like detected. 
Another reason for not accepting the contract is that Bob 30 may not be authorized to 
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make such a contract because Alice 20 may have requested that only certain users may 
receive notification. If the contract is not accepted, then module 210 may present a means 
for asking Bob 30 if he would like to negotiate, step 259, such as a yes-no box. If Bob 30 
chooses to, he may continue to negotiate the contract with module 210, step 260. 

5 If the contract is accepted, module 206 executes a wait statement, according to the 

terms of the contract with Bob 30, until a change in the electronic certificate 154 is 
detected, step 262. Once the change is detected, the module 208 notifies Bob 30 of the 
change, step 264. Notification may be by electronic mail, voice phone, cell phone 
message, paging, or other method known to those skilled in the art for forwarding a 

10 message to a recipient. The diligence negotiated with Bob 30 for notification is carried out 
by module 208. For example, if notification is by electronic mail, the contract with Bob 30 
may call for attempted notification until Bob 30 responds by return electronic mail 
message, or reply. If notification is by voice phone, the module 208 may be required by 
contract to call until Bob's voice is detected answering the phone. 

1 5 The change detected by module 206 in the electronic certificate 1 54 may comprise 

the reception by the certificate server 100 of an updated electronic certificate 154a that is 
stored in a directory with the plurality of electronic certificates 1 52 on the certificate server 
100. Module 208 may check the CAP for whether an updated electronic certificate 1 54a, 
if any, should be pushed to Bob 30, step 266. If the contract so calls for a push of the 

20 updated electronic certificate 1 54a, then the updated electronic certificate 1 54a may be 
forwarded by electronic mail to Bob 30, step 268. As those skilled in the art would 
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recognize, forwarding of the electronic certificate may be accomplished by other means 
such as by automated updating directly to Bob's workstation, or by providing a CD ROM 
of changed certificates to Bob, or by sending a floppy disk of the updated electronic 
certificate 1 54a to Bob 30. Preferably, the same method for delivery of the updated 
5 electronic certificate 154a should be used for notification of the change in the electronic 
certificate 1 54. The notification would preferably be provided at the same time, and in the 
same way, as the provision of the updated electronic certificate 154a to Bob 30, for 
example, within the same electronic mail transmission. This way, Bob 30 may immediate 
store the updated electronic certificate 1 54a in local storage for use. 

10 With reference to Fig. 3, an exemplary screen used in negotiating a contract using 

module 210 is shown. A screen 400 may comprise a hypertext markup language (HTML) 
coded display for presenting in a browser window on the workstation 30 of the user 
(shown as Bob 30 in Fig. 1) of the electronic certificate 154. The screen 400 comprises a 
plurality of fields 402 used for the contract negotiation process. Each field 402 may use a 

1 5 drop down selection list button 404 for selection to choose items from a selection list of 
contract terms, each contract term defining the notification service offered to the user 30 of 
the electronic certificate. For example, one field may be used for selecting the frequency 
that the user 30 is notified of a change in the electronic certificate 1 54. The selection list 
for this contract term may comprise selections for every month, every week, every day, or 

20 every minute. If the user 30 was to choose every day, the contract would direct module 
206 to check for changes in the relevant electronic certificate 1 54 once a day. Other terms 

18 

::ODMA\PCDOCS\OCLYON\48249Y7 



Patent 
252/109 

selected by fields 402 may include the price offered by Bob 30 for the notification service, 
the diligence with which the user 30 would like to be notified of the change (e.g. the 
number of times contact is attempted with the user 30), or the type of change in the 
electronic certificate 1 54 that user 30 would like detected. Each of these selections using 
5 fields 402 are stored in a database on the certificate server 100. Modules 206 and 208 

read the selection from the database with each cycle of execution loops in their executable 
code, such that the modules may perform based on the selections of the user 30. 

Module 210 may not accept the selections from the user 30. Acceptance, or non 
acceptance may be based on tables of price to services offered, or acceptance may be 

10 delayed for time for a system administrator for the processor 200 to view the contract terms 
selected by the user 30. If the contract is not accepted, then the user 30 may be notified in 
real time on screen with a message and an audible tone, or by electronic mail, or other 
means such as by voice or paging. If the contract is not accepted, negotiations may take 
place wherein the user 30 is invited back to screen 400 for further modifications of the 

1 5 terms using fields 402. 

Finally, like other contracts, the contract that is negotiated by the user 30 may have 
an expiration date, just as electronic certificates 152 so have. The expiration date may be 
one of the terms selected using one of the fields 402. The user 30 may be notified in 
advance before expiration of their contract so that re-negotiations may begin. 

20 Those skilled in the art would recognize that the system may be configured in many 

different configurations other than that described above. For example, with reference to 
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Fig. 4, an alternative embodiment of the system of Fig. 1 is shown. The electronic 
certificate 1 54 may be stored separately from the computer program 204. For example, 
the electronic certificate 1 54 may be stored on a first server 1 50 in a directory stored on 
the first server 1 50, the first server being a certificate server 1 50, and the processor 200 on 
5 which the computer program 204 and at least some of its executable modules are stored 
and executed comprises a second server 200, or certificate action point server (CAP 
server). However, preferably, the CAP server 200 is co-resident with the certificate server 
1 50 as describe with respect to Fig. 1 above, meaning that the CAP server 200 comprises 
the same server 100, or server cluster 100, as the certificate server 150. 

10 If the certificate server 1 50 and CAP server are not co-resident, a communication 

channel 104 between them connects the certificate server 150 to the CAP server 200 such 
that data communications may occur between them. However, at least the first module 
206 is preferably co-resident on the certificate server 1 50 as described above with respect 
to Fig. 1. The electrical connection 104 may comprise a network, wherein said first and 

1 5 second servers 1 50-200 each have a network interface 1 70, 220 for data communications 
in said network 104. Each of the network interfaces 1 70, 220 may comprise a local or 
wide area network connection comprising an Ethernet compatible interface or Internet 
connection respectively. 

It will thus be seen that changes may be made in carrying out the above system and 

20 method and in the construction set forth without departing from the spirit and scope of the 
invention, it is intended that any and all matter contained in the above description and 
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shown in the accompanying drawings shall be interpreted as illustrative and not in a limiting 
sense. 
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CLAIMS 

We Claim: 

1 1 . In a system adapted for monitoring for changes in condition of one or more 

2 electronic certificates, and adapted for communication with a user of the one or more 

3 electronic certificates, a method for notification of a change in condition of an electronic 

4 certificate, comprising: 

5 detecting a change in condition of the electronic certificate; and 

6 notifying the user of the electronic certificate of the change in condition. 

1 2. The method of claim 1 , wherein the user is a certificate user of the electronic 

2 certificate. 

1 3. The method of claim 2, further comprising allowing the certificate user to download 

2 an updated version of the electronic certificate. 

1 4. The method of claim 2, further comprising forwarding an updated electronic 

2 certificate to the certificate user concurrently with the step of notifying, thereby updating 

3 the electronic certificate. 

1 5. The method of claim 2, wherein step of notifying comprises notifying the certificate 

2 user by electronic mail. 
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1 6. The method of claim 2, wherein step of notifying comprises notifying the certificate 

2 user by telephone using an electronic voice messaging system. 

1 7. The method of claim 2, wherein step of notifying comprises notifying the certificate 

2 user by providing a paging signal to a pager for the recipient. 

1 8. The method of claim 2, comprising negotiating a contract with the certificate user 

2 regarding the type of change the certificate user is notified of in the step of notifying, 

3 negotiating the way of notifying the certificate user, negotiating the diligence with which 

4 the certificate user is notified of the change in condition, and negotiating a price for 

5 notifying the certificate user. 

1 9. The method of claim 1, wherein the change in condition detected in the detecting 

2 step consists of a change in condition selected from the following group: revocation of, 

3 roll-over of, change in field of, disablement of, or expiration of the electronic certificate. 

110. A system for notification of a change in condition for an electronic certificate has 

2 changed, comprising: 

3 a processor; 

4 a computer program executable on the processor; 

5 a first executable module in the computer program for detecting a change in 

6 condition of an electronic certificate; and 
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7 a second executable module in the computer program for notifying a user of the 

8 electronic certificate of the change in condition. 

1 11. The system of claim 10, wherein the electronic certificate is stored on a first server. 

1 12. The system of claim 11, wherein the first server further comprises the processor on 

2 which the computer program is stored and the first and second executable modules are 

3 executed. 

1 13. The system of claim 11, wherein the processor comprises a second server, wherein 

2 the first executable module is stored and executed on the first server, and wherein the 

3 second executable module is stored and executed on the second server. 

1 14. The system of claim 13, comprising an communication channel between the first 

2 and second servers for connecting the first server to the second server such that data 

3 communications may occur between the first and second servers. 

1 1 5. The system of claim 14, wherein the electrical connection comprises a network, 

2 said first and second servers each having a network interface for data communications in 

3 said network. 

1 1 6. The system of claim 1 5, wherein the first server comprises a certificate server. 
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1 1 7. The system of claim 1 0, wherein the user of the electronic certificate comprises a 

2 certificate user of the electronic certificate. 

1 18. The system of claim 17, comprising a third module in the computer program for 

2 negotiating a contract with the certificate user regarding the type of change the second 

3 module notifies the certificate user of, for negotiating the way the second module notifies 

4 the certificate user, for negotiating the diligence used for notifying the certificate user of the 

5 change in condition, and for negotiating a price for notifying the certificate user. 

1 1 9. The system of claim 1 8, wherein the processor is further for forwarding an updated 

2 electronic certificate to the certificate user, thereby updating the electronic certificate with 

3 respect to the certificate user. 

1 20. The system of claim 18, wherein the processor is further for allowing the certificate 

2 user to download an updated version of the electronic certificate from a certificate server. 

1 21. The system of claim 18, comprising a plurality of electronic certificates, wherein the 

2 electronic certificate for which the processor detects a change in condition comprises one 

3 of the plurality of electronic certificates. 

1 22. The system of claim 21, wherein the first module is for detecting a change in 

2 condition of one or more of the plurality of electronic certificates, and the second module 
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3 is for notifying one or more respective certificate users of the change in condition of the 

4 respective electronic certificate based on the contract negotiated by the third module. 

1 23. The system of claim 1 , wherein the change in condition detected by the first 

2 module consists of a change in condition selected from the following group: revocation of, 

3 roll-over of, change in field of, disablement of, or expiration of the electronic certificate. 
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1 ABSTRACT 

2 A system for notification of a change in condition of an electronic certificate is 

3 disclosed. The system includes a certificate server comprising a processor having a 

4 computer program comprising a plurality of executable modules that are executable on the 

5 processor. A first executable module is for detecting a change in condition of an electronic 

6 certificate. A second executable module in the computer program is for notifying a user of 

7 the electronic certificate of the change in condition. The computer program may comprise 

8 a third module for negotiating a contract, called a certificate action point (CAP), with the 

9 certificate user regarding the type of change in condition the second module notifies the 

1 0 certificate user of, the way the second module notifies the certificate user, the diligence 

1 1 with which the second module notifies the certificate user of the change in condition, and 

1 2 a price for notifying the certificate user. The change in condition may comprise revocation 

1 3 of, roll-over of, change in field of, disablement of, expiration of the electronic certificate, or 

14 other type of change in condition of an electronic recognized by those skilled in the art. 

1 5 An updated electronic certificate may be forwarded to the certificate user, thereby updating 

1 6 the electronic certificate with respect to the certificate user to the new version of the 

1 7 electronic certificate. Alternatively, the certificate user may selectively download an 

1 8 updated version of the electronic certificate from the certificate server. 
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